US20050289648A1 - Method, apparatus and system for virtualized peer-to-peer proxy services - Google Patents


Publication number
US20050289648A1
US20050289648A1 US10/875,833 US87583304A US2005289648A1 US 20050289648 A1 US20050289648 A1 US 20050289648A1 US 87583304 A US87583304 A US 87583304A US 2005289648 A1 US2005289648 A1 US 2005289648A1
Authority
US
United States
Prior art keywords
content
hosts
virtual
host
machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/875,833
Other versions
US7788713B2 (en
Inventor
Steven Grobman
Carl Jones
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Priority to US10/875,833 priority Critical patent/US7788713B2/en
Assigned to INTEL CORPORATION reassignment INTEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GROBMAN, STEVEN, JONES, CARL C.
Publication of US20050289648A1 publication Critical patent/US20050289648A1/en
Application granted granted Critical
Publication of US7788713B2 publication Critical patent/US7788713B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1886Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with traffic restrictions for efficiency improvement, e.g. involving subnets or subdomains
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Definitions

  • Corporations typically maintain a separation between their internal network infrastructure and external networks (e.g., the Internet) via a firewall and/or corporate demilitarized zone(s) (“DMZs”).
  • the firewalls and/or DMZ are generally managed by a corporate information technology (“IT”) entity and may be utilized to restrict access to selected content on the external network.
  • a device resides within the corporate intranet, its access to external internet content may be routed via one or more corporate proxy servers that enforce a variety of rules, i.e., blocks and/or restrictions, to maintain a uniform corporate content access policy.
  • rules may, for example, block devices on the corporate intranet from accessing content on pornographic websites, gaming websites and/or other websites that the corporation may deem unnecessary and/or undesirable for business purposes.
  • FIG. 1 illustrates a typical virtual host device
  • FIG. 2 illustrates conceptually a virtual proxy according to an embodiment of the present invention
  • FIG. 3 is a flowchart illustrating an embodiment of the present invention
  • FIG. 4 illustrates the peer-to-peer proxy services according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating an embodiment of the present invention.
  • Embodiments of the present invention provide a method, apparatus and system for virtualized peer-to-peer proxy services.
  • Any reference in the specification to “one embodiment” or “an embodiment” of the present invention means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention.
  • the appearances of the phrases “in one embodiment,” “according to one embodiment” or the like appearing in various places throughout the specification are not necessarily all referring to the same embodiment.
  • An embodiment of the present invention leverages virtualization technology to enable corporate IT departments to offer and/or enforce the same restrictions on devices when they are connected to the corporate intranet as when they are not connected to the intranet.
  • Virtualization technology enables multiple virtual operating environments within a single computing device, each seemingly in complete control of the resources of the device. Applications running within the respective virtual machines typically have no knowledge of the other virtual machines running on the host.
  • a virtual machine manager or virtual machine monitor (hereafter “VMM”) may monitor and/or allocate the host's resources to each virtual machine on the host.
  • VMMs are designed to ensure virtual machines (hereafter “VMs”) operate in complete isolation, as if they were separate physical devices. VMMs may be implemented in hardware, software, firmware or any combination thereof.
  • FIG. 1 illustrates an example of a typical virtual machine host device (“Host 100”).
  • VMM 150 typically executes on the device and presents an abstraction(s) of the device platform (i.e., “virtual machines” or “VMs”) to other software.
  • Although only two VM partitions are illustrated (“VM 105” and “VM 110”, hereafter referred to collectively as “Virtual Machines”), these Virtual Machines are merely illustrative and additional virtual machines may be added to the host.
  • VM 105 and VM 110 may function as self-contained platforms respectively, running their own “guest operating systems” (i.e., operating systems hosted by VMM 150, illustrated as Guest OS 135 and Guest OS 140) and other software (the guest operating system and other software illustrated conceptually as “Guest Software 125” and “Guest Software 130”, hereafter referred to collectively as “Guest Software”).
  • Each Guest OS and/or Guest Software operates as if it were running on a dedicated computer rather than a virtual machine. That is, each Guest OS and/or Guest Software may expect to control various events and have access to hardware resources. In reality, VMM 150 has ultimate control over the events and hardware resources and allocates resources to Guest OS and/or Guest Software as necessary. It is known to those of ordinary skill in the art that VMM 150 may be implemented in software, hardware, firmware and/or any combination thereof (e.g., a VMM hosted by an operating system).
  • a virtualized proxy may be implemented in a virtual machine on Host 100.
  • the virtualized proxy may comprise Guest Software executing within one or more of the VMs of the virtual hosts.
  • the virtualized proxy may leverage VMM 150's framework to enforce restrictive network routing, while leveraging the Guest OS network stack for general network routing capabilities and restriction enforcements.
  • user-accessible VMs on Host 100 may be restricted to a “VMM host-only” network, i.e., a network which does not have direct access to the physical network.
  • the VM containing the virtual proxy may have access to both the physical network and the “VMM host-only” network, thus having routing capabilities (i.e., provide general Internet Protocol (“IP”) routing for services that it does not proxy and application level proxy services for capabilities that it does proxy).
  • FIG. 2 illustrates an embodiment of the present invention.
  • the virtualized proxy (“Virtual Proxy 200”) may be embedded in one of the VM partitions (e.g., “VM 115”) on Host 100 (typically, but not necessarily, in a separate partition than the partitions accessible by the user).
  • Virtual Proxy 200 may be embedded in VM 115 , a separate virtual partition that is not accessible by the user and managed by the IT entity of the corporation.
  • Virtual Proxy 200 may thus be configured to implement a consistent corporate content policy, regardless of whether the device is connected to the corporate network.
  • Embodiments of the present invention may be practiced within various VM environments, e.g., including hardware implementations from Intel Corporation, software environments such as VMWare from VMWare Corporation, Virtual PC/Virtual Server from Microsoft Corporation and/or other emerging virtualization environments such as “VServer” (Version 0.28, December 2003), “Denali” (2002, Department of Computer Science and Engineering, The University of Washington) and/or “XEN” (2003, Computer Laboratory, University of Cambridge), which are currently under development.
  • all network traffic originating from the VM partitions on Host 100 may be configured to be routed via Virtual Proxy 200 .
  • VMM 150 is a hypervisor
  • all the VMs on Host 100 including VM 115 (containing Virtual Proxy 200 ) may be peers.
  • VMM 150 may map the physical networking capabilities of all the VMs on Host 100 to VM 115 (or more specifically, Virtual Proxy 200), thus ensuring that all network traffic from the VMs is routed via Virtual Proxy 200.
  • all traffic to port 80 on Host 100 may be “blocked” by rerouting such traffic to Virtual Proxy 200 .
  • VM 115 may be a VM dedicated to Virtual Proxy 200 and/or a VM that also runs other applications. For security purposes, however, if VM 115 also runs other applications, the partition is ideally not user-accessible but rather only accessible by the administrative entity (e.g., the corporate IT department).
  • VMM 150 is running on a host OS (e.g., VMWare)
  • Virtual Proxy 200 may be implemented in VMM 150 or in one of the VM partitions.
  • Virtual Proxy 200 may be implemented as an application on the host OS.
  • FIG. 3 is a flow chart illustrating an embodiment of the present invention.
  • an application e.g., a Web browser
  • the request may be routed to and/or intercepted by a virtual proxy in 302 .
  • the virtual proxy may examine its configuration policy to determine whether the requested content is allowable. If the content is allowable, then in 304 the request may be transmitted to the appropriate content source to retrieve the content. If, however, the content is not allowable per the configuration policy, then in 305, the request may be denied. In one embodiment, the user may receive notification that the request has been denied.
  • proxy servers may also provide additional services (in conjunction with access restrictions) to facilitate faster and more efficient access of content over the network.
  • the proxy server may cache content that it retrieves on behalf of a client on the network. Thereafter, if another client on the network requests the same content, the proxy server may transmit the content to the second client from its cache, instead of having to download the same content again from a remote source.
  • This proxy server caching functionality provides enterprise networks with significant performance benefits because it minimizes costly content downloads.
  • FIG. 4 illustrates an example of a network (“Network 400”) in which a virtual host device according to an embodiment of the present invention may execute.
  • the network may include multiple virtual machine devices configured according to an embodiment of the present invention (illustrated as Host 410 , Host 420 , Host 430 and Host 440 , collectively “Hosts”).
  • Each of these devices may include the functionality described above, namely each device may include a virtual proxy (illustrated as Virtual Proxy 415 , Virtual Proxy 425 , Virtual Proxy 435 and Virtual Proxy 445 , collectively “Virtual Proxies”).
  • the Hosts may also include, for example, various other VMs, a VMM, etc.
  • Embodiments of the present invention enable each of the Hosts on the network to securely leverage content downloaded by any other of the Hosts on the network.
  • Network 300 is a LAN supporting 100 users in a field sales office of a corporation
  • one user e.g., Host 410 's user
  • may download a particular piece of content e.g., an OS patch
  • Core Network 450 the corporate IT department
  • the Virtual Proxies on Network 400 may be configured to broadcast and/or multicast content requests to all the Hosts on the network (“peers”).
  • Virtual Proxy 425 may broadcast and/or multicast the content request on behalf of Host 420 to all other Hosts on Network 400. If none of the Hosts have previously downloaded the content, then Virtual Proxy 425 may route the content request to the appropriate remote source (i.e., Corporate Network 450). In the above example, however, since the content was previously downloaded to Host 410, Virtual Proxy 415 may respond to the broadcast/multicast to inform Virtual Proxy 425 that the desired content is available on Host 410.
  • Host 420 may thereafter copy the content from Host 410 instead of downloading the patch from Corporate Network 450 .
  • The terms “broadcast” and “multicast” are well known to those of ordinary skill in the art and further description is omitted herein in order not to unnecessarily obscure embodiments of the present invention.
  • this “peer-to-peer” proxy caching scheme may achieve significant performance improvements.
  • an embodiment of the present invention may include a security scheme. More specifically, to ensure the integrity of the content accessed from peer devices, a content validation scheme may be enforced.
  • the responses from the various other Hosts on Network 400 may include a hash value (e.g., an MD5 hash value) of the content requested.
  • Host 420 may evaluate the responses (if more than one response is received) and select an appropriate location to copy the content from (e.g., Host 410 ).
  • the selection criteria may be as simple as choosing the first Host to respond to the request, or as complex as selecting the Host that is closest (based on network proximity) to Host 410 .
  • Host 420 may validate the hash value received from Host 410 against an authoritative site.
  • the authoritative site may, for example, comprise an IT server on Corporate Network 450 (“IT Server 455”), in which the OS patch is stored. Instead of requesting a download of the entire patch, however, Host 420 may simply request the MD5 hash value of the OS patch from IT Server 455.
  • Host 420 may deem the content from Host 410 corrupt in some fashion and thereafter select an alternate Host (e.g., Host 430 ). Host 420 may then repeat the validation process for the MD5 hash value received from Host 430 against IT Server 455 .
  • Host 420 may proceed to copy the OS patch from Host 410 .
  • Virtual Proxy 425 on Host 420 may itself calculate the MD5 hash value of the content it just copied from Host 410 , to ensure that the content remains uncorrupted. The content may thereafter be accessible on the Host 420 .
  • Virtual Proxy 425 may discard the content it copied from Host 410 and repeat the process of validating the content on another virtual proxy on a different Host on the network or access the content directly from the original remote source.
  • the process of validating and copying the content from a peer Host on Network 400 provides improved network performance by eliminating an additional download from Network 450 .
  • FIG. 5 is a flow chart illustrating an embodiment of the present invention. Although the following operations may be described as a sequential process, many of the operations may in fact be performed in parallel and/or concurrently. In addition, the order of the operations may be re-arranged without departing from the spirit of embodiments of the invention.
  • a virtual proxy on a host may broadcast/multicast a content request.
  • the virtual proxy on the host may validate in 502 that the content is allowed, i.e., not restricted by policy.
  • the virtual proxy may receive responses from various peer hosts on the network, together with an MD5 hash value of the content on the peer host.
  • the virtual proxy may thereafter in 504 select a peer from the list of responses to the broadcast/multicast.
  • the virtual proxy may validate the MD5 hash value from the selected peer (e.g., by comparing it against the MD5 hash value of the original content from an authoritative site or by requesting the authoritative site to validate the content). If the MD5 value of the original content from the authoritative site does not match the MD5 value of the content from the selected peer in 506, then the virtual proxy may examine whether other peer hosts responded in 507. If other peer hosts responded to the broadcast/multicast, the virtual proxy may select another peer in 504 and repeat the validation process against the authoritative site.
  • the virtual proxy may ultimately request another download of the content from a remote location in 508 . If, however, the MD5 value of the content from the authoritative site matches the MD5 value of the content from the selected peer in 506 , then the virtual proxy may copy the content from the selected peer to the host in 509 . The virtual proxy may then calculate a final MD5 value of the copied content in 510 to verify the content. If the content is verified in 512 , then the content may be available to the host. If, however, the content is not verified (i.e., the hash value is not validated against the authoritative site), then the virtual proxy may repeat the process in 504 (or in an alternate embodiment, access the content from the remote content site).
  • the hosts according to embodiments of the present invention may be implemented on a variety of computing devices.
  • computing devices may include various components capable of executing instructions to accomplish an embodiment of the present invention.
  • the computing devices may include and/or be coupled to at least one machine-accessible medium.
  • a “machine” includes, but is not limited to, any computing device with one or more processors.
  • a machine-accessible medium includes any mechanism that stores and/or transmits information in any form accessible by a computing device, the machine-accessible medium including but not limited to, recordable/non-recordable media (such as read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media and flash memory devices), as well as electrical, optical, acoustical or other form of propagated signals (such as carrier waves, infrared signals and digital signals).
  • a computing device may include various other well-known components such as one or more processors.
  • the processor(s) and machine-accessible media may be communicatively coupled using a bridge/memory controller, and the processor may be capable of executing instructions stored in the machine-accessible media.
  • the bridge/memory controller may be coupled to a graphics controller, and the graphics controller may control the output of display data on a display device.
  • the bridge/memory controller may be coupled to one or more buses. One or more of these elements may be integrated together with the processor on a single package or using multiple packages or dies.
  • a host bus controller such as a Universal Serial Bus (“USB”) host controller may be coupled to the bus(es) and a plurality of devices may be coupled to the USB.
  • user input devices such as a keyboard and mouse may be included in the computing device for providing input data.
  • the host bus controller may be compatible with various other interconnect standards including PCI, PCI Express, FireWire and other such current and future standards
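
The FIG. 5 peer validation flow described above (steps 504 to 512), sketched as an added example that is not code from the patent. It shows why both checks matter: one peer is rejected on its advertised hash, another advertises the correct hash but serves altered bytes and is only caught by the post-copy re-hash. Assumptions: `PeerResponse`, `fetch_via_peers`, the `fetch` callables and the sample bytes are hypothetical; SHA-256 stands in for the MD5 the page gives as an example, because MD5 is no longer collision-resistant; the authoritative hash is assumed to arrive over a trusted channel.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Tuple


def content_hash(data: bytes) -> str:
    """Hash used for validation. The page names MD5 only as an example;
    SHA-256 is substituted here (an assumption of this example)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class PeerResponse:
    host: str                   # responding peer, e.g. "Host 410"
    advertised_hash: str        # hash the peer reports for its cached copy
    fetch: Callable[[], bytes]  # hypothetical transfer of the content from that peer


def fetch_via_peers(
    responses: List[PeerResponse],
    authoritative_hash: str,
    fetch_remote: Callable[[], bytes],
) -> Tuple[bytes, str, List[Tuple[str, str]]]:
    """Return (content, source, decision log) for the requesting host.

    authoritative_hash is what the authoritative site (IT Server 455 on the
    page) returns for the content; only the hash is requested, not the patch.
    """
    log: List[Tuple[str, str]] = []
    for peer in responses:                      # 504: select a peer (first responder first)
        # 506: compare the peer's advertised hash with the authoritative one.
        if peer.advertised_hash != authoritative_hash:
            log.append((peer.host, "advertised hash mismatch"))
            continue                            # 507: try the next responder, if any
        data = peer.fetch()                     # 509: copy the content from the peer
        # 510/512: re-hash what was actually received. A peer can advertise
        # the right hash and still deliver different bytes.
        if content_hash(data) == authoritative_hash:
            log.append((peer.host, "verified"))
            return data, peer.host, log
        log.append((peer.host, "copied content failed re-hash"))
        # The copied data is discarded; the loop moves on to another peer.
    # 508: no peer supplied valid content, so download from the remote source.
    data = fetch_remote()
    if content_hash(data) != authoritative_hash:
        raise ValueError("remote download does not match authoritative hash")
    log.append(("remote", "downloaded"))
    return data, "remote", log


# Constructed sample data (not from the page).
PATCH = b"constructed sample: OS patch bytes"
TAMPERED = b"constructed sample: OS patch bytes + modification"


def demo() -> Tuple[bytes, str, List[Tuple[str, str]]]:
    """Host 420 requests the patch; three peers answer the broadcast."""
    good = content_hash(PATCH)
    responses = [
        # Corrupt cache: the advertised hash already differs.
        PeerResponse("Host 410", content_hash(TAMPERED), lambda: TAMPERED),
        # Advertises the right hash but serves different bytes.
        PeerResponse("Host 430", good, lambda: TAMPERED),
        # Honest peer with an intact copy.
        PeerResponse("Host 440", good, lambda: PATCH),
    ]
    return fetch_via_peers(responses, good, lambda: PATCH)


if __name__ == "__main__":
    content, source, decisions = demo()
    for host, outcome in decisions:
        print(f"{host}: {outcome}")
    print(f"content accepted from {source} ({len(content)} bytes)")
```

The scheme is only as strong as the path to the authoritative site: if the hash from that site can be altered in transit, both checks pass on attacker-chosen content.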

Abstract

A method, apparatus and system for virtualized proxy services are disclosed herein. Specifically, in one embodiment, a virtual proxy may be implemented in a virtual machine host. The virtual proxy may reside within a dedicated or shared virtual partition and may include a set of access restrictions. In one embodiment, a network including virtual machine hosts having virtual proxies may also provide additional peer-to-peer services. More specifically, a virtual proxy on a virtual host may be configured to broadcast/multicast content requests to other virtual hosts on the network prior to accessing the content from a remote location. If the content has previously been downloaded by another virtual host on the network, the virtual proxy on the requesting host may copy the content from the peer virtual host, instead of downloading the content from the remote location again. A variety of security measures may be implemented in one embodiment to ensure data integrity.

Description

    BACKGROUND
  • Corporations typically maintain a separation between their internal network infrastructure and external networks (e.g., the Internet) via a firewall and/or corporate demilitarized zone(s) (“DMZs”). The firewalls and/or DMZ are generally managed by a corporate information technology (“IT”) entity and may be utilized to restrict access to selected content on the external network. Thus, for example, while a device resides within the corporate intranet, its access to external internet content may be routed via one or more corporate proxy servers that enforce a variety of rules, i.e., blocks and/or restrictions, to maintain a uniform corporate content access policy. These rules may, for example, block devices on the corporate intranet from accessing content on pornographic websites, gaming websites and/or other websites that the corporation may deem unnecessary and/or undesirable for business purposes.
  • As telecommuting and/or the use of mobile devices becomes increasingly popular, more and more corporate employees are working from remote locations. When working from these remote locations, however, the computing device is no longer subject to the restrictions of the corporate IT department. Thus, for example, if a user is working from home and is connected directly to the Internet, the user may access and/or download any desired content. To ensure that users conform to the corporate policies, at most the corporate IT department may require the user to log in to the corporate network, thus availing the services of the corporate proxy servers to restrict access. This may prove especially cumbersome for remote users and may be difficult, if not impossible, for the corporate IT department to monitor and enforce. Thus, more often than not, remote users may attach to an external network without going through the corporate intranet, thus avoiding the restrictions enforced by the corporate proxy server.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings in which like references indicate similar elements, and in which:
  • FIG. 1 illustrates a typical virtual host device;
  • FIG. 2 illustrates conceptually a virtual proxy according to an embodiment of the present invention;
  • FIG. 3 is a flowchart illustrating an embodiment of the present invention;
  • FIG. 4 illustrates the peer-to-peer proxy services according to an embodiment of the present invention; and
  • FIG. 5 is a flowchart illustrating an embodiment of the present invention.
    DETAILED DESCRIPTION
  • Embodiments of the present invention provide a method, apparatus and system for virtualized peer-to-peer proxy services. Any reference in the specification to “one embodiment” or “an embodiment” of the present invention means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases “in one embodiment,” “according to one embodiment” or the like appearing in various places throughout the specification are not necessarily all referring to the same embodiment.
  • An embodiment of the present invention leverages virtualization technology to enable corporate IT departments to offer and/or enforce the same restrictions on devices when they are connected to the corporate intranet as when they are not connected to the intranet. Virtualization technology enables multiple virtual operating environments within a single computing device, each seemingly in complete control of the resources of the device. Applications running within the respective virtual machines typically have no knowledge of the other virtual machines running on the host. A virtual machine manager or virtual machine monitor (hereafter “VMM”) may monitor and/or allocate the host's resources to each virtual machine on the host. VMMs are designed to ensure virtual machines (hereafter “VMs”) operate in complete isolation, as if they were separate physical devices. VMMs may be implemented in hardware, software, firmware or any combination thereof.
  • FIG. 1 illustrates an example of a typical virtual machine host device (“Host 100”). As illustrated, VMM 150 typically executes on the device and presents an abstraction(s) of the device platform (i.e., “virtual machines” or “VMs”) to other software. Although only two VM partitions are illustrated (“VM 105” and “VM 110”, hereafter referred to collectively as “Virtual Machines”), these Virtual Machines are merely illustrative and additional virtual machines may be added to the host. VM 105 and VM 110 may function as self-contained platforms respectively, running their own “guest operating systems” (i.e., operating systems hosted by VMM 150, illustrated as Guest OS 135 and Guest OS 140) and other software (the guest operating system and other software illustrated conceptually as “Guest Software 125” and “Guest Software 130”, hereafter referred to collectively as “Guest Software”). Each Guest OS and/or Guest Software operates as if it were running on a dedicated computer rather than a virtual machine. That is, each Guest OS and/or Guest Software may expect to control various events and have access to hardware resources. In reality, VMM 150 has ultimate control over the events and hardware resources and allocates resources to Guest OS and/or Guest Software as necessary. It is known to those of ordinary skill in the art that VMM 150 may be implemented in software, hardware, firmware and/or any combination thereof (e.g., a VMM hosted by an operating system).
  • According to an embodiment of the present invention, a virtualized proxy may be implemented in a virtual machine on Host 100. Although the following description assumes a corporate enterprise managed by an IT entity for the purposes of illustration, embodiments of the present invention are not so limited. Instead, embodiments of the present invention may be implemented within any virtual machine environment wherein consistent access restrictions are desired (e.g., in a home Local Area Network (“LAN”), to enforce consistent content restrictions on all the home computing devices). According to various embodiments, the virtualized proxy may comprise Guest Software executing within one or more of the VMs of the virtual hosts. The virtualized proxy may leverage VMM 150's framework to enforce restrictive network routing, while leveraging the Guest OS network stack for general network routing capabilities and restriction enforcements. Thus, for example, in one embodiment, user-accessible VMs on Host 100 may be restricted to a “VMM host-only” network, i.e., a network which does not have direct access to the physical network. The VM containing the virtual proxy, however, may have access to both the physical network and the “VMM host-only” network, thus having routing capabilities (i.e., provide general Internet Protocol (“IP”) routing for services that it does not proxy and application level proxy services for capabilities that it does proxy).
  • FIG. 2 illustrates an embodiment of the present invention. As illustrated in FIG. 2, in one embodiment, the virtualized proxy (“Virtual Proxy 200”) may be embedded in one of the VM partitions (e.g., “VM 115”) on Host 100 (typically, but not necessarily, in a partition separate from the partitions accessible by the user). Thus, for example in FIG. 2, if VM 105 is the partition containing all Word documents and VM 110 is the partition that includes all the user's games, Virtual Proxy 200 may be embedded in VM 115, a separate virtual partition that is not accessible by the user and managed by the IT entity of the corporation. Virtual Proxy 200 may thus be configured to implement a consistent corporate content policy, regardless of whether the device is connected to the corporate network. Embodiments of the present invention may be practiced within various VM environments, e.g., including hardware implementations from Intel Corporation, software environments such as VMWare from VMWare Corporation, Virtual PC/Virtual Server from Microsoft Corporation and/or other emerging virtualization environments such as “VServer” (Version 0.28, December 2003), “Denali” (2002, Department of Computer Science and Engineering, The University of Washington) and/or “XEN” (2003, Computer Laboratory, University of Cambridge), which are currently under development.
  • According to embodiments of the invention, all network traffic originating from the VM partitions on Host 100 may be configured to be routed via Virtual Proxy 200. In an embodiment wherein VMM 150 is a hypervisor, all the VMs on Host 100, including VM 115 (containing Virtual Proxy 200), may be peers. In this embodiment, VMM 150 may map the physical networking capabilities of all the VMs on Host 100 to VM 115 (or more specifically, Virtual Proxy 200), thus ensuring that all network traffic from the VMs is routed via Virtual Proxy 200. Thus, for example, all traffic to port 80 on Host 100 may be “blocked” by rerouting such traffic to Virtual Proxy 200. VM 115 may be a VM dedicated to Virtual Proxy 200 and/or a VM that also runs other applications. For security purposes, however, if VM 115 also runs other applications, the partition is ideally not user-accessible but rather only accessible by the administrative entity (e.g., the corporate IT department). In an alternate embodiment, where VMM 150 is running on a host OS (e.g., VMWare), Virtual Proxy 200 may be implemented in VMM 150 or in one of the VM partitions. In yet another embodiment, Virtual Proxy 200 may be implemented as an application on the host OS.
  • FIG. 3 is a flow chart illustrating an embodiment of the present invention. Although the following operations may be described as a sequential process, many of the operations may in fact be performed in parallel and/or concurrently. In addition, the order of the operations may be re-arranged without departing from the spirit of embodiments of the invention. In 301, an application (e.g., a Web browser) running in a virtual machine may issue a request for content. The request may be routed to and/or intercepted by a virtual proxy in 302. In 303, in one embodiment, the virtual proxy may examine its configuration policy to determine whether the requested content is allowable. If the content is allowable, then in 304 the request may be transmitted to the appropriate content source to retrieve the content. If, however, the content is not allowable per the configuration policy, then in 305, the request may be denied. In one embodiment, the user may receive notification that the request has been denied.
  • In typical enterprise environments, proxy servers may also provide additional services (in conjunction with access restrictions) to facilitate faster and more efficient access of content over the network. Thus, for example, in a typical enterprise network, the proxy server may cache content that it retrieves on behalf of a client on the network. Thereafter, if another client on the network requests the same content, the proxy server may transmit the content to the second client from its cache, instead of having to download the same content again from a remote source. This proxy server caching functionality provides enterprise networks with significant performance benefits because it minimizes costly content downloads.
  • For small networks such as Local Area Networks (“LANs”), however, an IT entity is unlikely to run a dedicated proxy server akin to those maintained in enterprise networks. In order to achieve similar performance benefits in these LAN environments (and/or other similar environments in which it may not be possible and/or cost effective to run a proxy server), the virtual proxy according to embodiments of the present invention (e.g., Virtual Proxy 200 as described above) may be configured to provide transparent peer-to-peer proxy services. FIG. 4 illustrates an example of a network (“Network 400”) in which a virtual host device according to an embodiment of the present invention may execute. As illustrated, the network may include multiple virtual machine devices configured according to an embodiment of the present invention (illustrated as Host 410, Host 420, Host 430 and Host 440, collectively “Hosts”). Each of these devices may include the functionality described above, namely each device may include a virtual proxy (illustrated as Virtual Proxy 415, Virtual Proxy 425, Virtual Proxy 435 and Virtual Proxy 445, collectively “Virtual Proxies”). It will be readily apparent to those of ordinary skill in the art that other details have been omitted herein in order not to unnecessarily obscure embodiments of the present invention. The Hosts may also include, for example, various other VMs, a VMM, etc.
  • Embodiments of the present invention enable each of the Hosts on the network to securely leverage content downloaded by any other of the Hosts on the network. Thus, for example, if Network 400 is a LAN supporting 100 users in a field sales office of a corporation, one user (e.g., Host 410's user) may download a particular piece of content (e.g., an OS patch) via an Internet connection to the corporate IT department (“Corporate Network 450”), and the content may be stored on Host 410. Thereafter, the Virtual Proxies on Network 400 may be configured to broadcast and/or multicast content requests to all the Hosts on the network (“peers”). Thus, for example, in one embodiment, if Host 420 desires to download the same OS patch previously downloaded by Host 410, Virtual Proxy 425 may broadcast and/or multicast the content request on behalf of Host 420 to all other Hosts on Network 400. If none of the Hosts have previously downloaded the content, then Virtual Proxy 425 may route the content request to the appropriate remote source (i.e., Corporate Network 450). In the above example, however, since the content was previously downloaded to Host 410, Virtual Proxy 415 may respond to the broadcast/multicast to inform Virtual Proxy 425 that the desired content is available on Host 410. Host 420 may thereafter copy the content from Host 410 instead of downloading the patch from Corporate Network 450. The terms “broadcast” and “multicast” are well known to those of ordinary skill in the art and further description is omitted herein in order not to unnecessarily obscure embodiments of the present invention.
  • In one embodiment, this “peer-to-peer” proxy caching scheme may achieve significant performance improvements. In order for the Hosts on Network 400 to rely on the peer-to-peer proxy caching services, however, an embodiment of the present invention may include a security scheme. More specifically, to ensure the integrity of the content accessed from peer devices, a content validation scheme may be enforced. In one embodiment, when Host 420 broadcasts/multicasts its content request, the responses from the various other Hosts on Network 400 may include a hash value (e.g., an MD5 hash value) of the content requested. Host 420 may evaluate the responses (if more than one response is received) and select an appropriate location to copy the content from (e.g., Host 410). In various embodiments of the invention, the selection criteria may be as simple as choosing the first Host to respond to the request, or as complex as selecting the Host that is closest (based on network proximity) to Host 410.
  • Upon selection of Host 410 to copy the content from, in one embodiment, Host 420 may validate the hash value received from Host 410 against an authoritative site. In the example above wherein the content is an OS patch, the authoritative site may, for example, comprise an IT server on Corporate Network 450 (“IT Server 455”), in which the OS patch is stored. Instead of requesting a download of the entire patch, however, Host 420 may simply request the MD5 hash value of the OS patch from IT Server 455. If the MD5 hash value received from IT Server 455 does not match the hash value received from Host 410, Host 420 may deem the content from Host 410 corrupt in some fashion and thereafter select an alternate Host (e.g., Host 430). Host 420 may then repeat the validation process for the MD5 hash value received from Host 430 against IT Server 455.
  • If, however, the hash value received from IT Server 455 matches the hash value received from Host 410, then Host 420 may proceed to copy the OS patch from Host 410. As an additional measure of security, in one embodiment, Virtual Proxy 425 on Host 420 may itself calculate the MD5 hash value of the content it just copied from Host 410, to ensure that the content remains uncorrupted. The content may thereafter be accessible on the Host 420. If, however, the final MD5 hash value calculated by Virtual Proxy 425 on Host 420 does not match the value validated by the authoritative site (e.g., IT Server 455), Virtual Proxy 425 may discard the content it copied from Host 410 and repeat the process of validating the content on another virtual proxy on a different Host on the network or access the content directly from the original remote source. As will be readily apparent to those of ordinary skill in the art, the process of validating and copying the content from a peer Host on Network 400 provides improved network performance by eliminating an additional download from Network 450.
  • FIG. 5 is a flow chart illustrating an embodiment of the present invention. Although the following operations may be described as a sequential process, many of the operations may in fact be performed in parallel and/or concurrently. In addition, the order of the operations may be re-arranged without departing from the spirit of embodiments of the invention. In 501, a virtual proxy on a host may broadcast/multicast a content request. In one embodiment, the virtual proxy on the host may validate in 502 that the content is allowed, i.e., not restricted by policy. In 503, the virtual proxy may receive responses from various peer hosts on the network, together with an MD5 hash value of the content on the peer host. Based on one or more predetermined criteria, the virtual proxy may thereafter in 504 select a peer from the list of responses to the broadcast/multicast. In one embodiment, in 505, the virtual proxy may validate the MD5 hash value from the selected peer (e.g., by comparing it against the MD5 hash value of the original content from an authoritative site or by requesting the authoritative site to validate the content). If the MD5 value of the original content from the authoritative site does not match the MD5 value of the content from the selected peer in 506, then the virtual proxy may examine whether other peer hosts responded in 507. If other peer hosts responded to the broadcast/multicast, the virtual proxy may select another peer in 504 and repeat the validation process against the authoritative site. If no other peer hosts responded or if the process fails with each peer host that responded, the virtual proxy may ultimately request another download of the content from a remote location in 508. If, however, the MD5 value of the content from the authoritative site matches the MD5 value of the content from the selected peer in 506, then the virtual proxy may copy the content from the selected peer to the host in 509. The virtual proxy may then calculate a final MD5 value of the copied content in 510 to verify the content. If the content is verified in 512, then the content may be available to the host. If, however, the content is not verified (i.e., the hash value is not validated against the authoritative site), then the virtual proxy may repeat the process in 504 (or in an alternate embodiment, access the content from the remote content site).
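The FIG. 5 flow described above, sketched in Python as an added example (not code from the patent). It uses SHA-256 where the text names MD5 as an example hash, because MD5 is no longer collision resistant; the host names, URL, sample bytes and callables are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Optional


def content_hash(data: bytes) -> str:
    """SHA-256 hex digest; swapped in for the MD5 example named in the text."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class PeerOffer:
    host: str                     # peer that answered the broadcast/multicast
    advertised_hash: str          # hash the peer reports for its cached copy (503)
    fetch: Callable[[], bytes]    # copies the content from that peer (509)


@dataclass
class Result:
    content: Optional[bytes]
    source: str                   # peer host name, "remote" or "denied"
    log: List[str]


def fetch_via_peers(url: str,
                    policy_allows: Callable[[str], bool],
                    offers: List[PeerOffer],
                    authoritative_hash: Callable[[str], str],
                    fetch_remote: Callable[[str], bytes]) -> Result:
    """Return validated content from a peer, falling back to the remote source."""
    log: List[str] = []
    if not policy_allows(url):                                  # 502: policy check
        return Result(None, "denied", ["request denied by content policy"])

    # 505: ask the authoritative site for the hash only, not the content itself.
    expected = authoritative_hash(url).lower()

    for offer in offers:                                        # 504: first responder first
        if offer.advertised_hash.lower() != expected:           # 506: advertised hash check
            log.append(f"{offer.host}: advertised hash rejected")
            continue                                            # 507: try the next peer
        data = offer.fetch()                                    # 509: copy from the peer
        if content_hash(data) == expected:                      # 510/512: final hash
            log.append(f"{offer.host}: copied content verified")
            return Result(data, offer.host, log)
        # A peer can advertise the right hash and still serve different bytes,
        # so the copy is discarded unless the recomputed hash matches.
        log.append(f"{offer.host}: copied content failed final hash, discarded")

    log.append("no peer validated, downloading from remote source")
    return Result(fetch_remote(url), "remote", log)             # 508


# Constructed sample data: the patch bytes and a hypothetical authoritative URL.
PATCH = b"constructed OS patch payload v1\n"
URL = "https://it-server.example/patches/os-patch.bin"


def demo(offers: Optional[List[PeerOffer]] = None, allowed: bool = True) -> Result:
    """Run the flow against three constructed peers (or a caller-supplied list)."""
    if offers is None:
        offers = [
            # Holds a different build: rejected on the advertised hash.
            PeerOffer("host-410", content_hash(b"older build"), lambda: b"older build"),
            # Advertises the right hash but serves altered bytes: caught in 510.
            PeerOffer("host-430", content_hash(PATCH), lambda: PATCH + b"tampered"),
            # Honest peer with an intact copy.
            PeerOffer("host-440", content_hash(PATCH), lambda: PATCH),
        ]
    return fetch_via_peers(URL, lambda u: allowed, offers,
                           lambda u: content_hash(PATCH), lambda u: PATCH)


if __name__ == "__main__":
    outcome = demo()
    print(outcome.source)
    print("\n".join(outcome.log))
```

The scheme is only as trustworthy as the channel to the authoritative site: if the expected hash can be altered in transit, both checks pass on substituted content.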
  • The hosts according to embodiments of the present invention may be implemented on a variety of computing devices. According to an embodiment of the present invention, computing devices may include various components capable of executing instructions to accomplish an embodiment of the present invention. For example, the computing devices may include and/or be coupled to at least one machine-accessible medium. As used in this specification, a “machine” includes, but is not limited to, any computing device with one or more processors. As used in this specification, a machine-accessible medium includes any mechanism that stores and/or transmits information in any form accessible by a computing device, the machine-accessible medium including but not limited to, recordable/non-recordable media (such as read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media and flash memory devices), as well as electrical, optical, acoustical or other form of propagated signals (such as carrier waves, infrared signals and digital signals).
  • According to an embodiment, a computing device may include various other well-known components such as one or more processors. The processor(s) and machine-accessible media may be communicatively coupled using a bridge/memory controller, and the processor may be capable of executing instructions stored in the machine-accessible media. The bridge/memory controller may be coupled to a graphics controller, and the graphics controller may control the output of display data on a display device. The bridge/memory controller may be coupled to one or more buses. One or more of these elements may be integrated together with the processor on a single package or using multiple packages or dies. A host bus controller such as a Universal Serial Bus (“USB”) host controller may be coupled to the bus(es) and a plurality of devices may be coupled to the USB. For example, user input devices such as a keyboard and mouse may be included in the computing device for providing input data. In alternate embodiments, the host bus controller may be compatible with various other interconnect standards including PCI, PCI Express, FireWire and other such current and future standards.
  • In the foregoing specification, the invention has been described with reference to specific exemplary embodiments thereof. It will, however, be appreciated that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (33)

1. A method for providing a virtual proxy, comprising:
starting up a virtual proxy in a first virtual machine (“VM”) on a VM host, the virtual proxy capable of:
intercepting a content request from a second VM on the VM host; and
enforcing access restrictions on the content request.
2. The method according to claim 1 wherein the virtual proxy is further capable of:
routing the content request to a content source if the content request clears the access restrictions; and
denying the content request if the content request fails to clear the access restrictions.
3. The method according to claim 1 wherein the virtual proxy is further capable of caching content received in response to the content request.
4. The method according to claim 3 wherein the virtual proxy is further capable of:
receiving a second content request wherein the cached content is responsive to the second content request; and
responding to the second content request by providing a hash value of the cached content.
5. A method for providing a virtual proxy, comprising:
starting up a virtual proxy in a first virtual machine (“VM”) on a first VM host coupled to a network, the virtual proxy capable of:
intercepting a content request from a second VM on the first VM host;
enforcing access restrictions on the content request;
transmitting the content request via a broadcast protocol to other VM hosts coupled to the network; and
receiving a response from at least one of the other VM hosts coupled to the network if the at least one of the other VM hosts contains content corresponding to the content request.
6. The method according to claim 5 wherein the virtual proxy is further capable of:
examining the response from the at least one of the other VM hosts;
validating the content on the at least one of the other VM hosts using the response; and
determining based on the validation whether to copy the content from the at least one other VM host to the first VM host.
7. The method according to claim 6 wherein the response from the at least one other VM hosts comprises a hash value of the content.
8. The method according to claim 7 wherein validating the content further comprises one of:
comparing the hash value of the content from the at least one of the other VM hosts to a hash value requested from an authoritative site and requesting the authoritative site to validate the content by providing the authoritative entity with the hash value of the content from the at least one of the other VM hosts.
9. The method according to claim 8 wherein the virtual proxy is further capable of copying the content from the at least one other of the VM hosts to the first VM host if the content passes validation and selecting a second of the other VM hosts that responded if the content fails validation.
10. The method according to claim 9 wherein the virtual proxy is further capable of calculating a final hash value to validate the content if the content is copied from the at least one other of the VM hosts.
11. The method according to claim 10 wherein if the final hash value does not validate the content, the virtual proxy is capable of:
discarding the content; and
selecting one of:
a third of the other VM hosts that responded, and
a remote site containing the content.
12. A system for providing a virtual proxy, comprising:
a virtual machine manager;
a first virtual machine coupled to the virtual machine manager;
a second virtual machine coupled to the virtual machine manager;
a virtual proxy coupled to the virtual machine manager, the virtual proxy capable of intercepting content requests from the first virtual machine and the second virtual machine, the virtual proxy additionally capable of enforcing access restrictions to content corresponding to the content requests.
13. The system according to claim 12 wherein the virtual proxy is further capable of:
routing the content requests to a content source if the content requests clear the access restrictions; and
denying the content requests if the content requests fail to clear the access restrictions.
14. The system according to claim 13 wherein the virtual proxy is further capable of caching the content corresponding to the content requests.
15. The system according to claim 14 wherein the virtual proxy is further capable of:
receiving a second content request for the cached content received; and
responding to the second content request by providing a hash value of the cached content.
16. A system for providing a virtual proxy, comprising:
a first virtual machine (“VM”) host coupled to a network;
other VM hosts coupled to the network;
a virtual proxy in the first VM host, the virtual proxy capable of:
intercepting a content request from a VM on the first VM host;
enforcing access restrictions on the content request;
transmitting the content request via a broadcast protocol to the other VM hosts coupled to the network; and
receiving a response from at least one of the VM hosts coupled to the network if the at least one of the VM hosts contains content corresponding to the content request.
17. The system according to claim 16 wherein the virtual proxy is further capable of:
examining the response from the at least one of the other VM hosts;
validating the content on the at least one of the other VM hosts using the response;
determining based on the validation whether to copy the content from the at least one of the other VM hosts to the first VM host.
18. The system according to claim 17 wherein the response from the at least one of the other VM hosts comprises a hash value of the content.
19. The system according to claim 18 wherein the virtual proxy validates the content by one of:
comparing the hash value of the content from the at least one of the other VM hosts to a hash value requested from an authoritative entity, and
requesting the authoritative entity to validate the content.
20. The system according to claim 19 further wherein the virtual proxy is further capable of copying the content from the second VM host to the first VM host if the content passes validation and selecting a second of the other VM hosts that responded if the content fails validation.
21. The system according to claim 20 wherein the virtual proxy is further capable of calculating a final hash value to validate the content if the content is copied from the at least one other of the VM hosts.
22. The system according to claim 21 wherein if the final hash value does not validate the content, the virtual proxy is capable of:
discarding the content; and
selecting one of:
a third of the other VM hosts that responded, and
a remote site containing the content.
23. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
start up a virtual proxy in a first virtual machine (“VM”) on a VM host, the virtual proxy capable of:
intercepting a content request from a second VM on the VM host; and
enforcing access restrictions on the content request.
24. The article according to claim 23 wherein the instructions, when executed by the machine, further cause the machine to:
route the content request to a content source if the content request clears the access restrictions; and
deny the content request if the content request fails to clear the access restrictions.
25. The article according to claim 23 wherein the instructions, when executed by the machine, further cause the machine to cache content received in response to the content request.
26. The article according to claim 25 wherein the instructions, when executed by the machine, further cause the machine to provide the virtual proxy capable of:
receiving a second content request for the cached content; and
responding to the second content request by providing a hash value of the cached content.
27. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
start up a virtual proxy in a first virtual machine (“VM”) on a first VM host coupled to a network, the virtual proxy capable of:
intercepting a content request from a second VM on the first VM host;
enforcing access restrictions on the content request;
transmitting the content request via a broadcast protocol to other VM hosts coupled to the network; and
receiving a response from at least one of the other VM hosts coupled to the network if the at least one of the other VM hosts contains content corresponding to the content request.
28. The article according to claim 27 wherein the instructions, when executed by the machine, further cause the machine to:
examine the response from the at least one of the other VM hosts;
validate the content on the at least one of the other VM hosts using the response; and
determine based on the validation whether to copy the content from the at least one of the other VM hosts to the first VM host.
29. The article according to claim 28 wherein the response from the at least one of the other VM hosts comprises a hash value of the content.
30. The article according to claim 29 wherein the instructions, when executed by the machine, further cause the machine to validate the content by one of: comparing the hash value of the content from the at least one of the other VM hosts to a hash value requested from an authoritative entity and requesting the authoritative entity to validate the content.
31. The article according to claim 30 wherein the instructions, when executed by the machine, further cause the machine to copy the content from the at least one other VM host to the first VM host if the hash value of the content from the at least one other VM host matches the hash value requested from the authoritative entity.
32. The article according to claim 31 wherein the instructions, when executed by the machine, further cause the machine to calculate a final hash value corresponding to the content copied from the at least one other VM host to validate the content.
33. The article according to claim 32 wherein the instructions, when executed by the machine, further cause the machine to discard the content and select one of: a third of the other VM hosts that responded, and a remote site containing the content, if the final hash value does not validate the content.
US10/875,833 2004-06-23 2004-06-23 Method, apparatus and system for virtualized peer-to-peer proxy services Active 2028-09-29 US7788713B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/875,833 US7788713B2 (en) 2004-06-23 2004-06-23 Method, apparatus and system for virtualized peer-to-peer proxy services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/875,833 US7788713B2 (en) 2004-06-23 2004-06-23 Method, apparatus and system for virtualized peer-to-peer proxy services

Publications (2)

Publication Number Publication Date
US20050289648A1 US20050289648A1 (en) 2005-12-29
US7788713B2 US7788713B2 (en) 2010-08-31

Family

ID=35507689

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/875,833 Active 2028-09-29 US7788713B2 (en) 2004-06-23 2004-06-23 Method, apparatus and system for virtualized peer-to-peer proxy services

Country Status (1)

Country Link
US (1) US7788713B2 (en)

Cited By (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070008324A1 (en) * 2005-07-08 2007-01-11 Microsoft Corporation Resource management for virtualization of graphics adapters
US20070150893A1 (en) * 2004-06-07 2007-06-28 Grobman Steven L Method, apparatus and system for enhanced CPU frequency governers
US20070234412A1 (en) * 2006-03-29 2007-10-04 Smith Ned M Using a proxy for endpoint access control
US20070300299A1 (en) * 2006-06-27 2007-12-27 Zimmer Vincent J Methods and apparatus to audit a computer in a sequestered partition
US20080022124A1 (en) * 2006-06-22 2008-01-24 Zimmer Vincent J Methods and apparatus to offload cryptographic processes
US20080235782A1 (en) * 2007-03-19 2008-09-25 Microsoft Corporation Providing remote services to legacy applications
US20080271114A1 (en) * 2004-12-27 2008-10-30 International Business Machines Corporation System for providing and utilizing a network trusted context
US20080320592A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and system for cloaked observation and remediation of software attacks
US20080320561A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and System for Collaboration Involving Enterprise Nodes
US20080320499A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and System for Direct Insertion of a Virtual Machine Driver
EP2033110A1 (en) * 2006-06-29 2009-03-11 Microsoft Corporation Independent computation environment and provisioning of computing device functionality
EP2069941A1 (en) * 2006-09-29 2009-06-17 Microsoft Corporation Secure peer-to-peer cache sharing
US20090158299A1 (en) * 2007-10-31 2009-06-18 Carter Ernst B System for and method of uniform synchronization between multiple kernels running on single computer systems with multiple CPUs installed
US20090183173A1 (en) * 2007-06-22 2009-07-16 Daniel Lee Becker Method and system for determining a host machine by a virtual machine
US20090182928A1 (en) * 2007-06-22 2009-07-16 Daniel Lee Becker Method and system for tracking a virtual machine
US20090245521A1 (en) * 2008-03-31 2009-10-01 Balaji Vembu Method and apparatus for providing a secure display window inside the primary display
US7607011B1 (en) * 2004-07-16 2009-10-20 Rockwell Collins, Inc. System and method for multi-level security on a network
US20090293101A1 (en) * 2008-05-21 2009-11-26 Carter Stephen R Interoperable rights management
US20090319473A1 (en) * 2008-06-19 2009-12-24 Microsoft Corporation Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic
US20100023815A1 (en) * 2008-07-25 2010-01-28 Fujitsu Limited Managing apparatus, managing method, managing system and computer product
US20100031253A1 (en) * 2008-07-29 2010-02-04 Electronic Data Systems Corporation System and method for a virtualization infrastructure management environment
WO2010029123A1 (en) * 2008-09-15 2010-03-18 International Business Machines Corporation Securing live migration of a virtual machine within a service landscape
US20100077078A1 (en) * 2007-06-22 2010-03-25 Fortisphere, Inc. Network traffic analysis using a dynamically updating ontological network description
US7698380B1 (en) 2006-12-14 2010-04-13 Qurio Holdings, Inc. System and method of optimizing social networks and user levels based on prior network interactions
US7730216B1 (en) 2006-12-14 2010-06-01 Qurio Holdings, Inc. System and method of sharing content among multiple social network nodes using an aggregation node
US7764701B1 (en) 2006-02-22 2010-07-27 Qurio Holdings, Inc. Methods, systems, and products for classifying peer systems
US7779004B1 (en) 2006-02-22 2010-08-17 Qurio Holdings, Inc. Methods, systems, and products for characterizing target systems
US20100211789A1 (en) * 2009-02-13 2010-08-19 Alcatel-Lucent Inline key-based peer-to-peer processing
US7782866B1 (en) 2006-09-29 2010-08-24 Qurio Holdings, Inc. Virtual peer in a peer-to-peer network
US20100217970A1 (en) * 2002-08-23 2010-08-26 Exit-Cube, Inc. Encrypting operating system
US7801971B1 (en) 2006-09-26 2010-09-21 Qurio Holdings, Inc. Systems and methods for discovering, creating, using, and managing social network circuits
US20110010642A1 (en) * 2009-07-09 2011-01-13 Ricoh Company, Ltd. Image processing apparatus, display control method, and computer-readable recording medium
US20110010428A1 (en) * 2007-12-21 2011-01-13 Kevin Rui Peer-to-peer streaming and api services for plural applications
US7873988B1 (en) 2006-09-06 2011-01-18 Qurio Holdings, Inc. System and method for rights propagation and license management in conjunction with distribution of digital content in a social network
US7925592B1 (en) 2006-09-27 2011-04-12 Qurio Holdings, Inc. System and method of using a proxy server to manage lazy content distribution in a social network
US7992171B2 (en) 2006-09-06 2011-08-02 Qurio Holdings, Inc. System and method for controlled viral distribution of digital content in a social network
US20110307887A1 (en) * 2010-06-11 2011-12-15 International Business Machines Corporation Dynamic virtual machine shutdown without service interruptions
US8191062B2 (en) 2006-03-31 2012-05-29 Intel Corporation System for processor frequency governors to govern a processor frequency by deriving CPU utilization information based on the state of virtual machine monitor
US20120157123A1 (en) * 2010-12-15 2012-06-21 Google Inc. Peer-to-peer location service
US8276207B2 (en) 2006-12-11 2012-09-25 Qurio Holdings, Inc. System and method for social network trust assessment
US20130191830A1 (en) * 2010-10-12 2013-07-25 James M. Mann Managing Shared Data using a Virtual Machine
US8539570B2 (en) 2007-06-22 2013-09-17 Red Hat, Inc. Method for managing a virtual machine
US8554827B2 (en) 2006-09-29 2013-10-08 Qurio Holdings, Inc. Virtual peer for a content sharing system
US8656487B2 (en) 2005-09-23 2014-02-18 Intel Corporation System and method for filtering write requests to selected output ports
US20140115098A1 (en) * 2010-11-05 2014-04-24 Joshua Reich Methods, systems, and media for stored content distribution and access
WO2014154238A1 (en) * 2013-03-25 2014-10-02 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for distribution of content to consumers
US9092767B1 (en) * 2013-03-04 2015-07-28 Google Inc. Selecting a preferred payment instrument
US9354960B2 (en) 2010-12-27 2016-05-31 Red Hat, Inc. Assigning virtual machines to business application service groups based on ranking of the virtual machines
US20160156744A1 (en) * 2013-05-03 2016-06-02 Dell Products L.P. Virtual desktop accelerator with support for multiple cryptographic contexts
US9449186B2 (en) 2005-03-04 2016-09-20 Encrypthentica Limited System for and method of managing access to a system using combinations of user information
US9477572B2 (en) 2007-06-22 2016-10-25 Red Hat, Inc. Performing predictive modeling of virtual machine relationships
US9569330B2 (en) 2007-06-22 2017-02-14 Red Hat, Inc. Performing dependency analysis on nodes of a business application service group
US9727440B2 (en) 2007-06-22 2017-08-08 Red Hat, Inc. Automatic simulation of virtual machine performance
US9858572B2 (en) 2014-02-06 2018-01-02 Google Llc Dynamic alteration of track data
US10133607B2 (en) 2007-06-22 2018-11-20 Red Hat, Inc. Migration of network entities to a cloud infrastructure
US10185954B2 (en) 2012-07-05 2019-01-22 Google Llc Selecting a preferred payment instrument based on a merchant category
US10432421B2 (en) * 2014-11-20 2019-10-01 National University Corporation Nagoya University Communication control device and communication system
US20220231902A1 (en) * 2008-03-31 2022-07-21 Amazon Technologies, Inc. Authorizing communications between computing nodes
US20220366001A1 (en) * 2019-02-25 2022-11-17 Bright Data Ltd. System and method for url fetching retry mechanism
US11550608B2 (en) * 2019-10-31 2023-01-10 International Business Machines Corporation Guest-to-host virtual networking
WO2023009132A1 (en) * 2021-07-30 2023-02-02 Hewlett-Packard Development Company, L.P. Embedded security hardware proxy
US11949756B2 (en) 2013-08-28 2024-04-02 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11949729B2 (en) 2009-10-08 2024-04-02 Bright Data Ltd. System providing faster and more efficient data communication
US11956299B2 (en) 2023-09-27 2024-04-09 Bright Data Ltd. System providing faster and more efficient data communication

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007140487A2 (en) * 2006-06-01 2007-12-06 Verifides Technology Corp. Data access control systems and methods
US7610310B2 (en) * 2006-06-30 2009-10-27 Intel Corporation Method and system for the protected storage of downloaded media content via a virtualized platform
US8560634B2 (en) 2007-10-17 2013-10-15 Dispersive Networks, Inc. Apparatus, systems and methods utilizing dispersive networking
US8539098B2 (en) 2007-10-17 2013-09-17 Dispersive Networks, Inc. Multiplexed client server (MCS) communications and systems
US8090852B2 (en) * 2008-06-04 2012-01-03 Sophos Plc Managing use of proxies to access restricted network locations
US8955110B1 (en) 2011-01-14 2015-02-10 Robert W. Twitchell, Jr. IP jamming systems utilizing virtual dispersive networking
US8941659B1 (en) 2011-01-28 2015-01-27 Rescon Ltd Medical symptoms tracking apparatus, methods and systems
US9032214B2 (en) * 2011-06-30 2015-05-12 Dell Products L.P. System and method for providing an image to an information handling system
US8930685B2 (en) 2011-12-13 2015-01-06 International Business Machines Corporation Deployment of a software image on multiple targets with streaming technique
US9253174B1 (en) * 2013-02-28 2016-02-02 Google Inc. Providing a second factor authorization
US9407664B1 (en) * 2013-12-23 2016-08-02 Symantec Corporation Systems and methods for enforcing enterprise data access control policies in cloud computing environments
US10467019B2 (en) 2017-11-22 2019-11-05 Hewlett Packard Enterprise Development Lp Serving images to server groups

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078087A1 (en) * 2000-12-18 2002-06-20 Stone Alan E. Content indicator for accelerated detection of a changed web page
US20050027871A1 (en) * 2003-06-05 2005-02-03 William Bradley Interoperable systems and methods for peer-to-peer service orchestration
US20050132367A1 (en) * 2003-12-16 2005-06-16 Vijay Tewari Method, apparatus and system for proxying, aggregating and optimizing virtual machine information for network-based management
US20050138176A1 (en) * 2003-12-23 2005-06-23 Slipstream Data Inc. Meta-data based method for local cache utilization
US6922774B2 (en) * 2001-05-14 2005-07-26 The United States Of America As Represented By The National Security Agency Device for and method of secure computing using virtual machines
US7047406B2 (en) * 2001-03-21 2006-05-16 Qurlo Holdings, Inc. Method and system for providing a secure peer-to-peer file delivery network
US7136840B2 (en) * 2001-04-20 2006-11-14 Intertrust Technologies Corp. Systems and methods for conducting transactions and communications using a trusted third party

Cited By (108)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9098712B2 (en) 2002-08-23 2015-08-04 Exit-Cube (Hong Kong) Limited Encrypting operating system
US20100217970A1 (en) * 2002-08-23 2010-08-26 Exit-Cube, Inc. Encrypting operating system
US8407761B2 (en) 2002-08-23 2013-03-26 Exit-Cube, Inc. Encrypting operating system
US20070150893A1 (en) * 2004-06-07 2007-06-28 Grobman Steven L Method, apparatus and system for enhanced CPU frequency governers
US7739532B2 (en) 2004-06-07 2010-06-15 Intel Corporation Method, apparatus and system for enhanced CPU frequency governers
US7607011B1 (en) * 2004-07-16 2009-10-20 Rockwell Collins, Inc. System and method for multi-level security on a network
US20080271114A1 (en) * 2004-12-27 2008-10-30 International Business Machines Corporation System for providing and utilizing a network trusted context
US7661125B2 (en) * 2004-12-27 2010-02-09 International Business Machines Corporation System for providing and utilizing a network trusted context
US9449186B2 (en) 2005-03-04 2016-09-20 Encrypthentica Limited System for and method of managing access to a system using combinations of user information
US7650603B2 (en) * 2005-07-08 2010-01-19 Microsoft Corporation Resource management for virtualization of graphics adapters
US20070008324A1 (en) * 2005-07-08 2007-01-11 Microsoft Corporation Resource management for virtualization of graphics adapters
US8656487B2 (en) 2005-09-23 2014-02-18 Intel Corporation System and method for filtering write requests to selected output ports
US7779004B1 (en) 2006-02-22 2010-08-17 Qurio Holdings, Inc. Methods, systems, and products for characterizing target systems
US7764701B1 (en) 2006-02-22 2010-07-27 Qurio Holdings, Inc. Methods, systems, and products for classifying peer systems
US20070234412A1 (en) * 2006-03-29 2007-10-04 Smith Ned M Using a proxy for endpoint access control
US8191062B2 (en) 2006-03-31 2012-05-29 Intel Corporation System for processor frequency governors to govern a processor frequency by deriving CPU utilization information based on the state of virtual machine monitor
US20080022124A1 (en) * 2006-06-22 2008-01-24 Zimmer Vincent J Methods and apparatus to offload cryptographic processes
US20070300299A1 (en) * 2006-06-27 2007-12-27 Zimmer Vincent J Methods and apparatus to audit a computer in a sequestered partition
EP2033110A1 (en) * 2006-06-29 2009-03-11 Microsoft Corporation Independent computation environment and provisioning of computing device functionality
EP2033110A4 (en) * 2006-06-29 2012-01-18 Microsoft Corp Independent computation environment and provisioning of computing device functionality
US7873988B1 (en) 2006-09-06 2011-01-18 Qurio Holdings, Inc. System and method for rights propagation and license management in conjunction with distribution of digital content in a social network
US7992171B2 (en) 2006-09-06 2011-08-02 Qurio Holdings, Inc. System and method for controlled viral distribution of digital content in a social network
US7801971B1 (en) 2006-09-26 2010-09-21 Qurio Holdings, Inc. Systems and methods for discovering, creating, using, and managing social network circuits
US7925592B1 (en) 2006-09-27 2011-04-12 Qurio Holdings, Inc. System and method of using a proxy server to manage lazy content distribution in a social network
US8554827B2 (en) 2006-09-29 2013-10-08 Qurio Holdings, Inc. Virtual peer for a content sharing system
EP2069941A1 (en) * 2006-09-29 2009-06-17 Microsoft Corporation Secure peer-to-peer cache sharing
US7782866B1 (en) 2006-09-29 2010-08-24 Qurio Holdings, Inc. Virtual peer in a peer-to-peer network
EP2069941A4 (en) * 2006-09-29 2014-12-24 Microsoft Corp Secure peer-to-peer cache sharing
US8276207B2 (en) 2006-12-11 2012-09-25 Qurio Holdings, Inc. System and method for social network trust assessment
US8739296B2 (en) 2006-12-11 2014-05-27 Qurio Holdings, Inc. System and method for social network trust assessment
US7698380B1 (en) 2006-12-14 2010-04-13 Qurio Holdings, Inc. System and method of optimizing social networks and user levels based on prior network interactions
US7730216B1 (en) 2006-12-14 2010-06-01 Qurio Holdings, Inc. System and method of sharing content among multiple social network nodes using an aggregation node
US7945949B2 (en) 2007-03-19 2011-05-17 Microsoft Corporation Providing remote services to legacy applications
US20080235782A1 (en) * 2007-03-19 2008-09-25 Microsoft Corporation Providing remote services to legacy applications
US8336108B2 (en) * 2007-06-22 2012-12-18 Red Hat, Inc. Method and system for collaboration involving enterprise nodes
US8984504B2 (en) 2007-06-22 2015-03-17 Red Hat, Inc. Method and system for determining a host machine by a virtual machine
US8949827B2 (en) 2007-06-22 2015-02-03 Red Hat, Inc. Tracking a virtual machine
US8566941B2 (en) 2007-06-22 2013-10-22 Red Hat, Inc. Method and system for cloaked observation and remediation of software attacks
US9727440B2 (en) 2007-06-22 2017-08-08 Red Hat, Inc. Automatic simulation of virtual machine performance
US20100077078A1 (en) * 2007-06-22 2010-03-25 Fortisphere, Inc. Network traffic analysis using a dynamically updating ontological network description
US10133607B2 (en) 2007-06-22 2018-11-20 Red Hat, Inc. Migration of network entities to a cloud infrastructure
US9588821B2 (en) 2007-06-22 2017-03-07 Red Hat, Inc. Automatic determination of required resource allocation of virtual machines
US20090183173A1 (en) * 2007-06-22 2009-07-16 Daniel Lee Becker Method and system for determining a host machine by a virtual machine
US8127290B2 (en) 2007-06-22 2012-02-28 Red Hat, Inc. Method and system for direct insertion of a virtual machine driver
US8191141B2 (en) 2007-06-22 2012-05-29 Red Hat, Inc. Method and system for cloaked observation and remediation of software attacks
US8539570B2 (en) 2007-06-22 2013-09-17 Red Hat, Inc. Method for managing a virtual machine
US9569330B2 (en) 2007-06-22 2017-02-14 Red Hat, Inc. Performing dependency analysis on nodes of a business application service group
US20080320592A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and system for cloaked observation and remediation of software attacks
US9477572B2 (en) 2007-06-22 2016-10-25 Red Hat, Inc. Performing predictive modeling of virtual machine relationships
US20080320561A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and System for Collaboration Involving Enterprise Nodes
US9495152B2 (en) 2007-06-22 2016-11-15 Red Hat, Inc. Automatic baselining of business application service groups comprised of virtual machines
US20080320499A1 (en) * 2007-06-22 2008-12-25 Suit John M Method and System for Direct Insertion of a Virtual Machine Driver
US8429748B2 (en) 2007-06-22 2013-04-23 Red Hat, Inc. Network traffic analysis using a dynamically updating ontological network description
US20090182928A1 (en) * 2007-06-22 2009-07-16 Daniel Lee Becker Method and system for tracking a virtual machine
US20090158299A1 (en) * 2007-10-31 2009-06-18 Carter Ernst B System for and method of uniform synchronization between multiple kernels running on single computer systems with multiple CPUs installed
US9535733B2 (en) * 2007-12-21 2017-01-03 Intel Corporation Peer-to-peer streaming and API services for plural applications
US20110010428A1 (en) * 2007-12-21 2011-01-13 Kevin Rui Peer-to-peer streaming and api services for plural applications
EP2243254B1 (en) * 2007-12-21 2018-07-18 Intel Corporation Peer-to-peer streaming and api services for plural applications
US20220231902A1 (en) * 2008-03-31 2022-07-21 Amazon Technologies, Inc. Authorizing communications between computing nodes
US8646052B2 (en) * 2008-03-31 2014-02-04 Intel Corporation Method and apparatus for providing a secure display window inside the primary display
US20090245521A1 (en) * 2008-03-31 2009-10-01 Balaji Vembu Method and apparatus for providing a secure display window inside the primary display
US20090293101A1 (en) * 2008-05-21 2009-11-26 Carter Stephen R Interoperable rights management
US20090319473A1 (en) * 2008-06-19 2009-12-24 Microsoft Corporation Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic
US9747340B2 (en) * 2008-06-19 2017-08-29 Microsoft Technology Licensing, Llc Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic
US20100023815A1 (en) * 2008-07-25 2010-01-28 Fujitsu Limited Managing apparatus, managing method, managing system and computer product
EP2308004A4 (en) * 2008-07-29 2013-06-19 Hewlett Packard Development Co System and method for a virtualization infrastructure management environment
US20100031253A1 (en) * 2008-07-29 2010-02-04 Electronic Data Systems Corporation System and method for a virtualization infrastructure management environment
EP2308004A2 (en) * 2008-07-29 2011-04-13 Hewlett-Packard Development Company, L.P. System and method for a virtualization infrastructure management environment
US11210123B2 (en) 2008-09-15 2021-12-28 International Business Machines Corporation Securing live migration of a virtual machine including blocking communication with other virtual machines
WO2010029123A1 (en) * 2008-09-15 2010-03-18 International Business Machines Corporation Securing live migration of a virtual machine within a service landscape
US9385992B2 (en) * 2009-02-13 2016-07-05 Alcatel Lucent Inline key-based peer-to-peer processing
US20100211789A1 (en) * 2009-02-13 2010-08-19 Alcatel-Lucent Inline key-based peer-to-peer processing
US20110010642A1 (en) * 2009-07-09 2011-01-13 Ricoh Company, Ltd. Image processing apparatus, display control method, and computer-readable recording medium
US11949729B2 (en) 2009-10-08 2024-04-02 Bright Data Ltd. System providing faster and more efficient data communication
US20110307887A1 (en) * 2010-06-11 2011-12-15 International Business Machines Corporation Dynamic virtual machine shutdown without service interruptions
US8839238B2 (en) * 2010-06-11 2014-09-16 International Business Machines Corporation Dynamic virtual machine shutdown without service interruptions
GB2512667B (en) * 2010-10-12 2019-07-24 Hewlett Packard Development Co Managing shared data using a virtual machine
US20130191830A1 (en) * 2010-10-12 2013-07-25 James M. Mann Managing Shared Data using a Virtual Machine
US9930105B2 (en) 2010-11-05 2018-03-27 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for stored content distribution and access
US9609044B2 (en) * 2010-11-05 2017-03-28 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for stored content distribution and access
US20140115098A1 (en) * 2010-11-05 2014-04-24 Joshua Reich Methods, systems, and media for stored content distribution and access
US10601901B2 (en) 2010-11-05 2020-03-24 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for stored content distribution and access
US8326326B2 (en) * 2010-12-15 2012-12-04 Google Inc. Peer-to-peer location service
US8364172B2 (en) 2010-12-15 2013-01-29 Google Inc. Peer-to-peer location service
US20120157123A1 (en) * 2010-12-15 2012-06-21 Google Inc. Peer-to-peer location service
US8600409B2 (en) 2010-12-15 2013-12-03 Google Inc. Peer-to-peer location service
US9354960B2 (en) 2010-12-27 2016-05-31 Red Hat, Inc. Assigning virtual machines to business application service groups based on ranking of the virtual machines
US10185954B2 (en) 2012-07-05 2019-01-22 Google Llc Selecting a preferred payment instrument based on a merchant category
US9092767B1 (en) * 2013-03-04 2015-07-28 Google Inc. Selecting a preferred payment instrument
US9679284B2 (en) 2013-03-04 2017-06-13 Google Inc. Selecting a preferred payment instrument
US10579981B2 (en) 2013-03-04 2020-03-03 Google Llc Selecting a preferred payment instrument
WO2014154238A1 (en) * 2013-03-25 2014-10-02 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for distribution of content to consumers
US10009188B2 (en) * 2013-03-25 2018-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes for distribution of content to consumers
US20160036599A1 (en) * 2013-03-25 2016-02-04 Telefonaktiebolaget Lm Ericsson (Publ) Methods and Nodes for Distribution of Content to Consumers
US20160156744A1 (en) * 2013-05-03 2016-06-02 Dell Products L.P. Virtual desktop accelerator with support for multiple cryptographic contexts
US9553847B2 (en) * 2013-05-03 2017-01-24 Dell Products L.P. Virtual desktop accelerator with support for multiple cryptographic contexts
US11949755B2 (en) 2013-08-28 2024-04-02 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US11949756B2 (en) 2013-08-28 2024-04-02 Bright Data Ltd. System and method for improving internet communication by using intermediate nodes
US9858572B2 (en) 2014-02-06 2018-01-02 Google Llc Dynamic alteration of track data
US10432421B2 (en) * 2014-11-20 2019-10-01 National University Corporation Nagoya University Communication control device and communication system
US20230161832A1 (en) * 2019-02-25 2023-05-25 Bright Data Ltd. System and method for url fetching retry mechanism
US20220366001A1 (en) * 2019-02-25 2022-11-17 Bright Data Ltd. System and method for url fetching retry mechanism
US11550608B2 (en) * 2019-10-31 2023-01-10 International Business Machines Corporation Guest-to-host virtual networking
WO2023009132A1 (en) * 2021-07-30 2023-02-02 Hewlett-Packard Development Company, L.P. Embedded security hardware proxy
US11962430B2 (en) 2022-02-16 2024-04-16 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11962636B2 (en) 2023-02-22 2024-04-16 Bright Data Ltd. System providing faster and more efficient data communication
US11956094B2 (en) 2023-06-14 2024-04-09 Bright Data Ltd. System and method for improving content fetching by selecting tunnel devices
US11956299B2 (en) 2023-09-27 2024-04-09 Bright Data Ltd. System providing faster and more efficient data communication

Also Published As

Publication number Publication date
US7788713B2 (en) 2010-08-31

Similar Documents

Publication Publication Date Title
US7788713B2 (en) Method, apparatus and system for virtualized peer-to-peer proxy services
US11363067B2 (en) Distribution and management of services in virtual environments
JP6423047B2 (en) Virtual network interface object
JP6982006B2 (en) Hardware-based virtualization security isolation
AU2019277011B2 (en) Domain pass-through authentication in a hybrid cloud environment
US10013559B2 (en) Communication with a virtual trusted runtime BIOS
US8943606B2 (en) Systems and methods for associating a virtual machine with an access control right
US9864754B2 (en) Virtual desktop infrastructure private cloud
US20170351536A1 (en) Provide hypervisor manager native api call from api gateway to hypervisor manager
US20060161966A1 (en) Method and system for securing a remote file system
US11057358B2 (en) Concealment of customer sensitive data in virtual computing arrangements
US11902353B2 (en) Proxy-enabled communication across network boundaries by self-replicating applications
US11062049B2 (en) Concealment of customer sensitive data in virtual computing arrangements
US11122029B2 (en) Secure cloud computing
CN113330435A (en) Tracking contaminated connection proxies
CN113726917A (en) Domain name determination method and device and electronic equipment

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GROBMAN, STEVEN;JONES, CARL C.;REEL/FRAME:015524/0411

Effective date: 20040622

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552)

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12